WARNING in __ieee80211_beacon_get (2)

syzbot

May 8, 2021, 2:20:16 PM5/8/21
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3c8c2309 Linux 4.19.190
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=166a6595d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=d3c2572d41264a3d
dashboard link: https://syzkaller.appspot.com/bug?extid=85e0b8d12d9ca877d806

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+85e0b8...@syzkaller.appspotmail.com

R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff16ede85f R14: 00007ff412082300 R15: 0000000000022000
WARNING: CPU: 0 PID: 8137 at net/mac80211/tx.c:4134 __ieee80211_csa_update_counter net/mac80211/tx.c:4134 [inline]
WARNING: CPU: 0 PID: 8137 at net/mac80211/tx.c:4134 __ieee80211_csa_update_counter net/mac80211/tx.c:4129 [inline]
WARNING: CPU: 0 PID: 8137 at net/mac80211/tx.c:4134 __ieee80211_beacon_get+0x1678/0x1a30 net/mac80211/tx.c:4327
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 8137 Comm: syz-executor.1 Not tainted 4.19.190-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
panic+0x26a/0x50e kernel/panic.c:186
__warn.cold+0x20/0x5a kernel/panic.c:541
report_bug+0x262/0x2b0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
fixup_bug arch/x86/kernel/traps.c:173 [inline]
do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:__ieee80211_csa_update_counter net/mac80211/tx.c:4134 [inline]
RIP: 0010:__ieee80211_csa_update_counter net/mac80211/tx.c:4129 [inline]
RIP: 0010:__ieee80211_beacon_get+0x1678/0x1a30 net/mac80211/tx.c:4327
Code: 85 70 03 00 00 41 0f b6 45 24 31 ff 44 8d 60 ff 45 88 65 24 44 89 e6 e8 b6 b8 c0 f9 45 84 e4 0f 85 4f f5 ff ff e8 78 b7 c0 f9 <0f> 0b e9 43 f5 ff ff e8 6c b7 c0 f9 e8 d7 e5 ae f9 31 ff 41 89 c4
RSP: 0018:ffff8880ba007c60 EFLAGS: 00010206
RAX: ffff888097bb0140 RBX: ffff88803f633290 RCX: ffffffff87a1a6ea
RDX: 0000000000000100 RSI: ffffffff87a1a6f8 RDI: 0000000000000001
RBP: ffff88803f5698a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8880a1a30e40 R14: 0000000000000000 R15: ffff8880ba007da8
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
ieee80211_beacon_get_tim+0x88/0x890 net/mac80211/tx.c:4443
ieee80211_beacon_get include/net/mac80211.h:4484 [inline]
mac80211_hwsim_beacon_tx+0xff/0x680 drivers/net/wireless/mac80211_hwsim.c:1577
__iterate_interfaces+0x2e1/0x4a0 net/mac80211/util.c:614
ieee80211_iterate_active_interfaces_atomic+0x8d/0x170 net/mac80211/util.c:650
mac80211_hwsim_beacon+0xc9/0x190 drivers/net/wireless/mac80211_hwsim.c:1615
__tasklet_hrtimer_trampoline+0x29/0xa0 kernel/softirq.c:601
tasklet_action_common.constprop.0+0x265/0x360 kernel/softirq.c:522
__do_softirq+0x265/0x980 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
</IRQ>
do_softirq.part.0+0x160/0x1c0 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x20e/0x270 kernel/softirq.c:189
lock_sock include/net/sock.h:1510 [inline]
do_ip_getsockopt+0x251/0x17a0 net/ipv4/ip_sockglue.c:1328
ip_getsockopt+0x87/0x1c0 net/ipv4/ip_sockglue.c:1559
tcp_getsockopt+0x86/0xd0 net/ipv4/tcp.c:3629
__sys_getsockopt+0x135/0x210 net/socket.c:1938
__do_sys_getsockopt net/socket.c:1949 [inline]
__se_sys_getsockopt net/socket.c:1946 [inline]
__x64_sys_getsockopt+0xba/0x150 net/socket.c:1946
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x467c0a
Code: 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe641efd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 00000000005411a0 RCX: 0000000000467c0a
RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffe641efd9c R09: 00007ffe641f02f0
R10: 00007ffe641efda0 R11: 0000000000000246 R12: 0000000000000003
R13: 00007ffe641efda0 R14: 0000000000000000 R15: 00007ffe641efd9c
CPU: 1 PID: 12514 Comm: syz-executor.0 Not tainted 4.19.190-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0xf lib/fault-inject.c:149
__should_failslab+0x115/0x180 mm/failslab.c:32
should_failslab+0x5/0x10 mm/slab_common.c:1588
slab_pre_alloc_hook mm/slab.h:424 [inline]
slab_alloc_node mm/slab.c:3304 [inline]
kmem_cache_alloc_node+0x245/0x3b0 mm/slab.c:3647
__alloc_skb+0x71/0x560 net/core/skbuff.c:193
alloc_skb include/linux/skbuff.h:995 [inline]
netlink_alloc_large_skb net/netlink/af_netlink.c:1190 [inline]
netlink_sendmsg+0x9ee/0xc40 net/netlink/af_netlink.c:1884
sock_sendmsg_nosec net/socket.c:622 [inline]
sock_sendmsg+0xc3/0x120 net/socket.c:632
___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2115
__sys_sendmsg net/socket.c:2153 [inline]
__do_sys_sendmsg net/socket.c:2162 [inline]
__se_sys_sendmsg net/socket.c:2160 [inline]
__x64_sys_sendmsg+0x132/0x220 net/socket.c:2160
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4665f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb33d94e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 00007fb33d94e1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffc7be8391f R14: 00007fb33d94e300 R15: 0000000000022000
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Oct 2, 2021, 12:19:12 AM10/2/21
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.